Obama's NSA reforms don't go far enough, tech leaders say [Virginian - Pilot]
(Virginian - Pilot Via Acquire Media NewsEdge) By Michael Liedtke and Barbara Ortutay
The Associated Press
Technology companies and industry groups took President Barack Obama's speech on U.S. surveillance as a step in the right direction, but chided him for not embracing more dramatic reforms to protect people's privacy and the economic interests of American companies that generate most of their revenue overseas.
"The president's speech was empathetic, balanced and thoughtful, but insufficient to meet the real needs of our globally connected world and a free Internet," said Ed Black, president of the Computer & Communications Industry Association, a group that represents Google, Microsoft, Facebook and other technology companies upset about the NSA's broad surveillance of online communications.
On Friday, the president called for ending the government's control of phone data from hundreds of millions of Americans and ordered intelligence agencies to get a court's permission before accessing such records. He also issued a directive that intelligence- gathering can't be employed to suppress criticism of the United States or provide a competitive advantage to U.S. companies.
In addition, the president directed Attorney General Eric Holder and Director of National Intelligence James Clapper to consider whether new privacy safeguards could be added to online data gathering.
Eight of the world's best-known technology companies underscored their common interest in curbing the NSA by releasing a joint, measured critique of Obama's proposal. They applauded the commitment to more transparency and more privacy protections for non-U.S. citizens, but also stressed that the president didn't address all their concerns.
"Additional steps are needed on other important issues, so we'll continue to work with the administration and Congress to keep the momentum going and advocate for reforms consistent with the principles we outlined in December," said the statement from Google, Apple, Yahoo, Microsoft, Facebook, Twitter, LinkedIn and AOL.
Obama did agree to at least one major concession to the technology industry by pledging "to make public more information than ever before about the orders they have received to provide data to the government."
The companies are hoping greater transparency will show that the U.S. government has only been demanding information about a very small fraction of their vast audiences.
But the promise of more disclosure didn't satisfy groups focused on online privacy and other digital rights.
"Far more needs to be done to restore the faith of the American people and repair the damage done globally to the U.S. reputation as a defender of human rights on the Internet," said Greg Nojeim, senior counsel at the Center for Democracy & Technology.
Hacking attacks like those that siphoned credit-card data from Target and Neiman Marcus are probably part of an unprecedented assault on a larger number of retailers, according to a security company working with the government.
The assaults on retailers may involve multiple groups of hackers who appear to be working from a sophisticated piece of software code that began circulating on underground websites last June, iSIGHT Partners, a Dallas-based security company that tracks cybercriminals, said in a report.
The report doesn't say whether the software, dubbed Kaptoxa, was used in the theft of as many as 40 million customer credit- and debit-card accounts from Target. A person briefed on the investigation, who asked not to be identified because the matter is confidential, said Kaptoxa is the same software that infected Target. Molly Snyder, a spokeswoman for Target, declined to comment.
"We haven't seen the last of this," said iSIGHT Chief Executive Officer John Watters in an interview. "Now it's a race to the bank with the criminals rushing to hijack the data and convert it into criminal gain before the door to profitability is closed."
The iSIGHT report said the scale and sophistication of the campaign against retailers' point-of-sale systems - the terminals on which customers swipe credit and debit cards - may be the largest ever seen, escaping elaborate industry efforts to secure a system that processes more than $3.3 trillion in U.S. transactions annually.
Target, the second-largest U.S. discount chain, has said the theft of customer data may have affected anyone who provided it with basic information over the past several years.
In December, the company said credit- and debit-card data for as many as 40 million people who shopped in its stores between Nov. 27 and Dec. 15 may have been compromised.
Earlier this month, the company said the thieves also got access to the names, phone numbers and home and email addresses of as many as 70 million people.
Target hasn't disclosed details about how its point-of-sale system was breached.
Neiman Marcus said earlier this month that some unauthorized purchases may have been made with customer cards, without disclosing the scope of the breach. Credit-card processors alerted the Dallas- based luxury chain to the incursion in mid- December, and the company is working with federal authorities and investigating the matter, according to a statement.
(c) 2014 ProQuest Information and Learning Company; All Rights Reserved.
[ Back To TMCnet.com's Homepage ]